/* Copyright (C) 1997, 1998, 1999, 2000, 2002, 2003 Thorsten Kukuk
Author: Thorsten Kukuk <kukuk@suse.de>
The YP Server is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
version 2 as published by the Free Software Foundation.
The YP Server is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public
License along with the YP Server; see the file COPYING. If
not, write to the Free Software Foundation, Inc., 675 Mass Ave,
Cambridge, MA 02139, USA. */
#include <sys/syslog.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "ypserv_conf.h"
static conffile_t *conf = NULL;
log_msg ("Reloading %s/ypserv.conf", CONFDIR);
conf = load_ypserv_conf (CONFDIR);
/* Return the name of the procedure's #define as a string */
ypproc_name (int proc)
return "ypproc_domain";
case YPPROC_DOMAIN_NONACK:
return "ypproc_domain_nonack";
return "ypproc_match";
return "ypproc_first";
return "ypproc_clear";
return "ypproc_master";
return "ypproc_order";
return "ypproc_maplist";
/* The is_valid_domain function checks the domain specified by the
caller to make sure it's actually served by this server.
Return 1 if the name is a valid domain name served by us, else 0. */
is_valid_domain (const char *domain)
/* Reject NULL, the empty string, "binding", "." and "..", and any name
   containing '/'.  The name is handed to stat() as a relative path
   further down, so this filter is what keeps the lookup from resolving
   to a parent directory or to a path outside the working directory. */
if (domain == NULL || domain[0] == '\0' ||
strcmp (domain, "binding") == 0 ||
strcmp (domain, "..") == 0 ||
strcmp (domain, ".") == 0 ||
strchr (domain, '/'))
/* The name fails the check unless a directory of that name exists; the
   path is relative, so it is resolved against the working directory.
   stat() follows symbolic links, so a link that resolves to a directory
   also passes. */
if (stat (domain, &sbuf) < 0 || !S_ISDIR (sbuf.st_mode))
/* By default, we use the securenet list, to check if the client
return 1, if request comes from an authorized host
return 0, if securenets does not allow access from this host
return -1, if request comes from an unauthorized host
return -2, if the map name is not valid
return -3, if the domain is not valid */
is_valid (struct svc_req *rqstp, const char *map, const char *domain)
const struct sockaddr_in *sin;
/* Caller address remembered between calls.  It is compared with the
   current caller in the status < 1 test further down, before a refusal
   is logged.  Function-static, so the value is shared by every call of
   is_valid(). */
static unsigned long int oldaddr = 0; /* so we don't log multiple times */
static int oldstatus = -1;
if (domain && is_valid_domain (domain) == 0)
if (map && (map[0] == '\0' || strchr (map ,'/')))
/* The caller's address and port are read from the RPC transport.  The
   securenets lookup, the per-rule netmask match and the reserved-port
   tests below identify the client by these two values.
   NOTE(review): they are only as trustworthy as the transport; on a
   connectionless transport the source address is not authenticated. */
sin = svc_getcaller (rqstp->rq_xprt);
status = securenet_host (sin->sin_addr);
if ((map != NULL) && status)
if ((sin->sin_addr.s_addr & work->netmask.s_addr) == work->network.s_addr)
/* NOTE(review): domain is NULL-tested where is_valid_domain() is called
   and again in the else-if branch, which suggests NULL is a legal
   argument, but no NULL test is visible before this strcmp().  Confirm
   that no caller passes a non-NULL map together with a NULL domain. */
if (strcmp (work->domain, domain) == 0 ||
strcmp (work->domain, "*") == 0)
if (strcmp (work->map, map) == 0 || strcmp (work->map, "*") == 0)
switch (work->security)
if (work->mangle) status = 200 + work->mangle;
/* Callers whose source port is at or above IPPORT_RESERVED get the
   mangle status or -1 on the next line.
   NOTE(review): a low source port only shows that the sender could bind
   a privileged port on its own host; the test is meaningful only for
   hosts the address rules already trust. */
if (ntohs (sin->sin_port) >= IPPORT_RESERVED)
status = (work->mangle) ? 200 + work->mangle : -1;
else if (domain != NULL)
/* The map is not in the access list, maybe it
has a YP_SECURE key ? */
DB_FILE dbp = ypdb_open (domain, map);
key.dsize = sizeof ("YP_SECURE") - 1;
key.dptr = "YP_SECURE";
if (ypdb_exists (dbp, key))
if (ntohs (sin->sin_port) >= IPPORT_RESERVED)
/* NOTE(review): "status ? ..." tests for non-zero, so a negative status
   (documented in the function's header comment as an unauthorized host)
   is logged here without the "refused " prefix, whereas the test further
   down uses status < 1.  Confirm which of the two is intended. */
log_msg ("%sconnect from %s", status ? "" : "refused ",
inet_ntoa (sin->sin_addr));
if (status < 1 && ((sin->sin_addr.s_addr != oldaddr)
|| (status != oldstatus)))
/* domain and map are the function's arguments and are written to the
   log verbatim through %s.  NOTE(review): if they originate from the
   client request, confirm the logger neutralises control characters so
   that a request cannot forge or split log lines. */
"refused connect from %s:%d to procedure %s (%s,%s;%d)\n",
inet_ntoa (sin->sin_addr), ntohs (sin->sin_port),
ypproc_name (rqstp->rq_proc),
domain ? domain : "", map ? map : "", status);
oldaddr = sin->sin_addr.s_addr;